PDF Markup

From Drumlin Security Wiki
Jump to navigation Jump to search

PDF Markup and Annotation

Annotations are a means of adding information to pages of standard PDF files. They can be a range of different types, including highlighting, text notes, watermarks, hyperlink boxes, redactions, and drawn lines, boxes, circles etc. Other forms of annotation that are less commonly used include various media elements and 3D models. For full details please see section 7.5. of the PDF Specification document. Each annotation element is a separate object that forms part of the page structure, i.e. all annotations are held within the page structure and hence lie within the overall PDF document as a form of edit or amendment to the original PDF. However, if editing is not permitted, as a result of standard PDF security permissioning or as part of higher security measures set by a Digital Rights Management (DRM) system, then any annotations cannot form part of the file.

With some Digital Rights Management (DRM) systems annotation of encrypted PDF files is supported. In this case the annotations cannot be included as part of the file, but can be stored in a separate "annots" file. This annots file has to be linked in some way to the source encrypted PDF (e.g. by naming conventions) and will contain pointers that identify both the page and position on the page of the relevant annotation. This is a powerful solution to an otherwise intractable problem, but it does have limitations. These include:

  • if the source file is copied to another location or device, it will lose the linked annotations (unlike with a standard PDF, where the annotations form part of the 'modified' original)
  • if the source file is amended by the publisher as an updated encrypted file with the same naming etc., then it may result in the associated annots file pointing to the wrong location on a page or the wrong page, if substantial changes have been made to the document. The solution in this instance is to ensure that a copy of the original is retained for cross-referencing
  • some software may provide facilities to copy/move both the original encrypted file and its associated annots file - the Windows version of Javelin3 from Drumlin Security Ltd does provide this option, but in general this feature is not commonly provided
  • for web-based secured PDFs, if annotation facilities are provided, the issue tends not to be a problem as they are designed to be used from any suitable browser, i.e. from multiple locations and/or by a number of different end users

In Web environments, where PDFs have been converted to HTML5 format for display, highlighting and annotation is generally handled in a different manner - see here for more details.